Step 4: Create a vault.hcl file which holds all the vault configuration.

sudo vi /etc/vault.d/vault.hcl

Step 5: Copy the below configuration and save the file.

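# API and UI listener: all interfaces, port 8200, TLS disabled (initial setup only)
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}

# Send metrics to a local statsite instance
telemetry {
  statsite_address = "127.0.0.1:8125"
  disable_hostname = true
}

# Store Vault data on the local filesystem
storage "file" {
  path = "/vault-data"
}

# Enable the web UI
ui = true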

Step 6: Enable, start and check the status of vault service.

sudo systemctl enable vault
sudo systemctl start vault
sudo systemctl status vault

Step 7: Access the vault UI using the public IP or private IP on port 8200 as shown below.

http://54.218.168.196:8200/ui

When you access the vault UI, by default it will be sealed as shown below.

Step 8: Initialise vault using the Initialise button, with 3 key shares.

Step 9: Download the keys using the “Download Keys” button and click the “Continue to unseal” button.

Note: The key file is very important and you should keep it safe. If for any reason you restart the server or the vault service, vault gets locked. You will need these keys to unlock it.

Step 10: Enter three keys one by one from the downloaded key file to unseal vault.

Step 11: Once unsealed, log in to vault with the root_token from the downloaded key file.

That's it! You are now logged in to the vault server with all default settings.

Hope this article helps with your initial vault setup on AWS EC2. For production use cases, you should have HA, SSL and other configurations enabled. Connect with me at [email protected] for such use cases.
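
The production note above can be turned into a pre-deployment check. The script below is an added example, not part of the original article: it scans a vault.hcl for the three settings from Step 5 that are fine for a first setup but not for production. The function names are hypothetical and the sample file is a copy of the Step 5 configuration.

```shell
#!/bin/sh
# Added example, not from the original article.

# Write the Step 5 configuration to the path given as $1.
write_sample_config() {
    cat > "$1" <<'EOF'
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}
telemetry {
  statsite_address = "127.0.0.1:8125"
  disable_hostname = true
}
storage "file" {
  path = "/vault-data"
}
ui = true
EOF
}

# audit_vault_hcl FILE: print one finding per line.
# Exit status 1 if anything was flagged, 0 if the file is clean.
audit_vault_hcl() {
    awk '
        { sub(/#.*/, "") }                               # ignore comments
        /^[ \t]*listener[ \t]*"/ { in_l = 1 }            # entering a listener block
        in_l && /address[ \t]*=[ \t]*"0\.0\.0\.0:/ {
            print "BIND: listener accepts connections on every interface"; n++ }
        in_l && /tls_disable[ \t]*=[ \t]*"?(1|true)"?/ {
            print "TLS: tls_disable is set, tokens and unseal keys travel in cleartext"; n++ }
        in_l && /}/ { in_l = 0 }                         # leaving the listener block
        /^[ \t]*storage[ \t]*"file"/ {
            print "STORAGE: file backend is single-node, no HA"; n++ }
        END { exit (n > 0) }
    ' "$1"
}

cfg=$(mktemp)
write_sample_config "$cfg"
audit_vault_hcl "$cfg" || echo "Resolve the findings above before production use."
rm -f "$cfg"
```

Run `audit_vault_hcl /etc/vault.d/vault.hcl` on the server to check the live file; a non-zero exit status makes it usable as a gate in a deployment script.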